load bucket policies using object layer API (#6084)

This PR fixes an issue during gateway mode
where underlying policies were not translated
into meaningful policies.
master
Harshavardhana 6 years ago committed by Nitish Tiwari
parent d9d13c898c
commit abf209b1dd
  1. 2
      cmd/fs-v1.go
  2. 7
      cmd/gateway-main.go
  3. 8
      cmd/gateway/nas/gateway-nas.go
  4. 6
      cmd/policy.go
  5. 2
      cmd/xl-sets.go
  6. 2
      cmd/xl-v1-bucket.go

@ -1215,7 +1215,7 @@ func (fs *FSObjects) SetBucketPolicy(ctx context.Context, bucket string, policy
// GetBucketPolicy will get policy on bucket // GetBucketPolicy will get policy on bucket
func (fs *FSObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) { func (fs *FSObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
return GetPolicyConfig(fs, bucket) return getPolicyConfig(fs, bucket)
} }
// DeleteBucketPolicy deletes all policies on bucket // DeleteBucketPolicy deletes all policies on bucket

@ -215,6 +215,13 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
logger.FatalIf(err, "Unable to initialize gateway backend") logger.FatalIf(err, "Unable to initialize gateway backend")
} }
if gw.Name() != "nas" {
// Initialize policy sys for all gateways. NAS gateway already
// initializes policy sys internally, avoid double initialization.
// Additionally also don't block the initialization of gateway.
go globalPolicySys.Init(newObject)
}
// Once endpoints are finalized, initialize the new object api. // Once endpoints are finalized, initialize the new object api.
globalObjLayerMutex.Lock() globalObjLayerMutex.Lock()
globalObjectAPI = newObject globalObjectAPI = newObject
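Review bot: The new `go globalPolicySys.Init(newObject)` call discards whatever Init returns and is not synchronised with the rest of StartGateway, so a failed policy load would pass silently, unlike the `logger.FatalIf` just above it. If Init returns an error (its signature is not visible in this hunk), call it inside a `go func() { ... }()` wrapper that logs the error instead of dropping it. Because the load is asynchronous, the comment should also say what happens to requests that arrive before Init finishes, for example `// Until Init completes, the policy sys holds no bucket policies; requests are evaluated without them.`, and that behaviour should be confirmed to fail closed. The `"nas"` string literal also ties this branch to the NAS gateway's name, so a rename would silently re-enable double initialization. StartGateway's body begins and ends outside this hunk.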

@ -17,12 +17,9 @@
package nas package nas
import ( import (
"context"
"github.com/minio/cli" "github.com/minio/cli"
minio "github.com/minio/minio/cmd" minio "github.com/minio/minio/cmd"
"github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/auth"
"github.com/minio/minio/pkg/policy"
) )
const ( const (
@ -128,8 +125,3 @@ type nasObjects struct {
func (l *nasObjects) IsNotificationSupported() bool { func (l *nasObjects) IsNotificationSupported() bool {
return false return false
} }
// GetBucketPolicy will get policy on bucket
func (l *nasObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
return minio.GetPolicyConfig(l, bucket)
}

@ -99,7 +99,7 @@ func (sys *PolicySys) refresh(objAPI ObjectLayer) error {
} }
sys.removeDeletedBuckets(buckets) sys.removeDeletedBuckets(buckets)
for _, bucket := range buckets { for _, bucket := range buckets {
config, err := GetPolicyConfig(objAPI, bucket.Name) config, err := objAPI.GetBucketPolicy(context.Background(), bucket.Name)
if err != nil { if err != nil {
if _, ok := err.(BucketPolicyNotFound); ok { if _, ok := err.(BucketPolicyNotFound); ok {
sys.Remove(bucket.Name) sys.Remove(bucket.Name)
@ -187,8 +187,8 @@ func getConditionValues(request *http.Request, locationConstraint string) map[st
return args return args
} }
// GetPolicyConfig - get policy config for given bucket name. // getPolicyConfig - get policy config for given bucket name.
func GetPolicyConfig(objAPI ObjectLayer, bucketName string) (*policy.Policy, error) { func getPolicyConfig(objAPI ObjectLayer, bucketName string) (*policy.Policy, error) {
// Construct path to policy.json for the given bucket. // Construct path to policy.json for the given bucket.
configFile := path.Join(bucketConfigPrefix, bucketName, bucketPolicyConfig) configFile := path.Join(bucketConfigPrefix, bucketName, bucketPolicyConfig)
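Review bot: In `refresh`, the check `err.(BucketPolicyNotFound)` now depends on every ObjectLayer implementation, including each gateway backend, returning exactly that type when a bucket has no policy. Any other backend error takes the path after `sys.Remove(bucket.Name)`, which lies outside this hunk; if that path returns the error, a single bucket could stop policy loading for all the remaining ones. I would document the contract at the call site, e.g. `// GetBucketPolicy must return BucketPolicyNotFound for a bucket without a policy; any other error is a load failure.` Separately, `context.Background()` gives the backend call no deadline or cancellation, so a slow remote backend can stall refresh. Threading a context through `refresh` would be the cleaner long-term shape.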

@ -476,7 +476,7 @@ func (s *xlSets) SetBucketPolicy(ctx context.Context, bucket string, policy *pol
// GetBucketPolicy will return a policy on a bucket // GetBucketPolicy will return a policy on a bucket
func (s *xlSets) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) { func (s *xlSets) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
return GetPolicyConfig(s, bucket) return getPolicyConfig(s, bucket)
} }
// DeleteBucketPolicy deletes all policies on bucket // DeleteBucketPolicy deletes all policies on bucket

@ -284,7 +284,7 @@ func (xl xlObjects) SetBucketPolicy(ctx context.Context, bucket string, policy *
// GetBucketPolicy will get policy on bucket // GetBucketPolicy will get policy on bucket
func (xl xlObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) { func (xl xlObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
return GetPolicyConfig(xl, bucket) return getPolicyConfig(xl, bucket)
} }
// DeleteBucketPolicy deletes all policies on bucket // DeleteBucketPolicy deletes all policies on bucket
